>Here's my big fear: Even IF (and that's a BIG if) we get all critical vulnerabilities fixed in tech (before adversarial/state-actors turn up with open attack models) - we still have (in at least a year) models that will be so good at social engineering that they can still (given enough tokens) gain access to whatever system they want.

I was working at the fruit company when they just hard stopped people from recovering their fruitcloud accounts via phone support due to social engineering.
Social Engineering risk just increases the burden on the consumer/internal support services. The risk is that not everyone has pulled up stumps to protect these services. After a few high-profile fuckups they will. The herd loses 2 beasts and the rest wander away from that water hole.
It's much like how after BitLocker we don't have user access to backup server disks anymore. The lesson was learned and we moved on. Lots of high-profile fuckups but we don't get those anymore. CTOs were forced, basically at gunpoint, to adapt or die.